2 Unix SMB/CIFS implementation.
3 process incoming packets - main loop
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Volker Lendecke 2005-2007
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 extern struct auth_context *negprot_global_auth_context;
24 extern int smb_echo_count;
26 const int total_buffer_size = (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
27 static enum smb_read_errors smb_read_error = SMB_READ_OK;
30 * Size of data we can send to client. Set
31 * by the client for all protocols above CORE.
32 * Set by us for CORE protocol.
34 int max_send = BUFFER_SIZE;
36 * Size of the data we can receive. Set by us.
37 * Can be modified by the max xmit parameter.
39 int max_recv = BUFFER_SIZE;
41 SIG_ATOMIC_T reload_after_sighup = 0;
42 SIG_ATOMIC_T got_sig_term = 0;
43 extern bool global_machine_password_needs_changing;
46 /* Accessor function for smb_read_error for smbd functions. */
48 enum smb_read_errors *get_srv_read_error(void)
50 return &smb_read_error;
53 /****************************************************************************
55 ****************************************************************************/
57 bool srv_send_smb(int fd, char *buffer, bool do_encrypt)
62 char *buf_out = buffer;
64 /* Sign the outgoing packet if required. */
65 srv_calculate_sign_mac(buf_out);
68 NTSTATUS status = srv_encrypt_buffer(buffer, &buf_out);
69 if (!NT_STATUS_IS_OK(status)) {
70 DEBUG(0, ("send_smb: SMB encryption failed "
71 "on outgoing packet! Error %s\n",
77 len = smb_len(buf_out) + 4;
79 while (nwritten < len) {
80 ret = write_data(fd,buf_out+nwritten,len - nwritten);
82 DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
83 (int)len,(int)ret, strerror(errno) ));
84 srv_free_enc_buffer(buf_out);
90 srv_free_enc_buffer(buf_out);
94 /*******************************************************************
95 Setup the word count and byte count for a smb message.
96 ********************************************************************/
98 int srv_set_message(char *buf,
103 if (zero && (num_words || num_bytes)) {
104 memset(buf + smb_size,'\0',num_words*2 + num_bytes);
106 SCVAL(buf,smb_wct,num_words);
107 SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
108 smb_setlen(buf,(smb_size + num_words*2 + num_bytes - 4));
109 return (smb_size + num_words*2 + num_bytes);
112 static bool valid_smb_header(const uint8_t *inbuf)
114 if (is_encrypted_packet(inbuf)) {
117 return (strncmp(smb_base(inbuf),"\377SMB",4) == 0);
120 /* Socket functions for smbd packet processing. */
122 static bool valid_packet_size(size_t len)
125 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
126 * of header. Don't print the error if this fits.... JRA.
129 if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
130 DEBUG(0,("Invalid packet length! (%lu bytes).\n",
131 (unsigned long)len));
132 if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
135 * Correct fix. smb_read_error may have already been
136 * set. Only set it here if not already set. Global
137 * variables still suck :-). JRA.
140 cond_set_smb_read_error(get_srv_read_error(),
148 static ssize_t read_packet_remainder(int fd,
150 unsigned int timeout,
160 ret = read_socket_with_timeout(fd,
165 get_srv_read_error());
167 ret = read_data(fd, buffer, len, get_srv_read_error());
171 cond_set_smb_read_error(get_srv_read_error(),
179 /****************************************************************************
180 Attempt a zerocopy writeX read. We know here that len > smb_size-4
181 ****************************************************************************/
184 * Unfortunately, earlier versions of smbclient/libsmbclient
185 * don't send this "standard" writeX header. I've fixed this
186 * for 3.2 but we'll use the old method with earlier versions.
187 * Windows and CIFSFS at least use this standard size. Not
191 #define STANDARD_WRITE_AND_X_HEADER_SIZE (smb_size - 4 + /* basic header */ \
192 (2*14) + /* word count (including bcc) */ \
195 static ssize_t receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
196 const char lenbuf[4],
199 unsigned int timeout,
202 /* Size of a WRITEX call (+4 byte len). */
203 char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
204 ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
208 memcpy(writeX_header, lenbuf, sizeof(lenbuf));
211 ret = read_socket_with_timeout(fd,
213 STANDARD_WRITE_AND_X_HEADER_SIZE,
214 STANDARD_WRITE_AND_X_HEADER_SIZE,
216 get_srv_read_error());
220 STANDARD_WRITE_AND_X_HEADER_SIZE,
221 get_srv_read_error());
224 if (ret != STANDARD_WRITE_AND_X_HEADER_SIZE) {
225 cond_set_smb_read_error(get_srv_read_error(),
231 * Ok - now try and see if this is a possible
235 if (is_valid_writeX_buffer((uint8_t *)writeX_header)) {
237 * If the data offset is beyond what
238 * we've read, drain the extra bytes.
240 uint16_t doff = SVAL(writeX_header,smb_vwv11);
243 if (doff > STANDARD_WRITE_AND_X_HEADER_SIZE) {
244 size_t drain = doff - STANDARD_WRITE_AND_X_HEADER_SIZE;
245 if (drain_socket(smbd_server_fd(), drain) != drain) {
246 smb_panic("receive_smb_raw_talloc_partial_read:"
247 " failed to drain pending bytes");
250 doff = STANDARD_WRITE_AND_X_HEADER_SIZE;
253 /* Spoof down the length and null out the bcc. */
254 set_message_bcc(writeX_header, 0);
255 newlen = smb_len(writeX_header);
257 /* Copy the header we've written. */
259 *buffer = (char *)TALLOC_MEMDUP(mem_ctx,
261 sizeof(writeX_header));
263 if (*buffer == NULL) {
264 DEBUG(0, ("Could not allocate inbuf of length %d\n",
265 (int)sizeof(writeX_header)));
266 cond_set_smb_read_error(get_srv_read_error(),
271 /* Work out the remaining bytes. */
272 *p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
277 if (!valid_packet_size(len)) {
282 * Not a valid writeX call. Just do the standard
286 *buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
288 if (*buffer == NULL) {
289 DEBUG(0, ("Could not allocate inbuf of length %d\n",
291 cond_set_smb_read_error(get_srv_read_error(),
296 /* Copy in what we already read. */
299 4 + STANDARD_WRITE_AND_X_HEADER_SIZE);
300 toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
303 ret = read_packet_remainder(fd,
304 (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
315 static ssize_t receive_smb_raw_talloc(TALLOC_CTX *mem_ctx,
318 unsigned int timeout,
323 int min_recv_size = lp_min_receive_file_size();
325 set_smb_read_error(get_srv_read_error(),SMB_READ_OK);
328 len = read_smb_length_return_keepalive(fd, lenbuf,
329 timeout, get_srv_read_error());
331 DEBUG(10,("receive_smb_raw: length < 0!\n"));
334 * Correct fix. smb_read_error may have already been
335 * set. Only set it here if not already set. Global
336 * variables still suck :-). JRA.
339 cond_set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
343 if (CVAL(lenbuf,0) == 0 &&
345 smb_len_large(lenbuf) > min_recv_size && /* Could be a UNIX large writeX. */
346 !srv_is_signing_active()) {
348 return receive_smb_raw_talloc_partial_read(mem_ctx,
356 if (!valid_packet_size(len)) {
361 * The +4 here can't wrap, we've checked the length above already.
364 *buffer = TALLOC_ARRAY(mem_ctx, char, len+4);
366 if (*buffer == NULL) {
367 DEBUG(0, ("Could not allocate inbuf of length %d\n",
369 cond_set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
373 memcpy(*buffer, lenbuf, sizeof(lenbuf));
375 ret = read_packet_remainder(fd, (*buffer)+4, timeout, len);
383 static ssize_t receive_smb_talloc(TALLOC_CTX *mem_ctx,
386 unsigned int timeout,
392 *p_encrypted = false;
394 len = receive_smb_raw_talloc(mem_ctx, fd, buffer, timeout, p_unread);
400 if (is_encrypted_packet((uint8_t *)*buffer)) {
401 NTSTATUS status = srv_decrypt_buffer(*buffer);
402 if (!NT_STATUS_IS_OK(status)) {
403 DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
404 "incoming packet! Error %s\n",
405 nt_errstr(status) ));
406 cond_set_smb_read_error(get_srv_read_error(),
407 SMB_READ_BAD_DECRYPT);
413 /* Check the incoming SMB signature. */
414 if (!srv_check_sign_mac(*buffer, true)) {
415 DEBUG(0, ("receive_smb: SMB Signature verification failed on "
416 "incoming packet!\n"));
417 cond_set_smb_read_error(get_srv_read_error(),SMB_READ_BAD_SIG);
425 * Initialize a struct smb_request from an inbuf
428 void init_smb_request(struct smb_request *req,
433 size_t req_size = smb_len(inbuf) + 4;
434 /* Ensure we have at least smb_size bytes. */
435 if (req_size < smb_size) {
436 DEBUG(0,("init_smb_request: invalid request size %u\n",
437 (unsigned int)req_size ));
438 exit_server_cleanly("Invalid SMB request");
440 req->flags2 = SVAL(inbuf, smb_flg2);
441 req->smbpid = SVAL(inbuf, smb_pid);
442 req->mid = SVAL(inbuf, smb_mid);
443 req->vuid = SVAL(inbuf, smb_uid);
444 req->tid = SVAL(inbuf, smb_tid);
445 req->wct = CVAL(inbuf, smb_wct);
446 req->unread_bytes = unread_bytes;
447 req->encrypted = encrypted;
448 req->conn = conn_find(req->tid);
450 /* Ensure we have at least wct words and 2 bytes of bcc. */
451 if (smb_size + req->wct*2 > req_size) {
452 DEBUG(0,("init_smb_request: invalid wct number %u (size %u)\n",
453 (unsigned int)req->wct,
454 (unsigned int)req_size));
455 exit_server_cleanly("Invalid SMB request");
457 /* Ensure bcc is correct. */
458 if (((uint8 *)smb_buf(inbuf)) + smb_buflen(inbuf) > inbuf + req_size) {
459 DEBUG(0,("init_smb_request: invalid bcc number %u "
460 "(wct = %u, size %u)\n",
461 (unsigned int)smb_buflen(inbuf),
462 (unsigned int)req->wct,
463 (unsigned int)req_size));
464 exit_server_cleanly("Invalid SMB request");
470 /****************************************************************************
471 structure to hold a linked list of queued messages.
473 ****************************************************************************/
475 static struct pending_message_list *deferred_open_queue;
477 /****************************************************************************
478 Function to push a message onto the tail of a linked list of smb messages ready
480 ****************************************************************************/
482 static bool push_queued_message(struct smb_request *req,
483 struct timeval request_time,
484 struct timeval end_time,
485 char *private_data, size_t private_len)
487 int msg_len = smb_len(req->inbuf) + 4;
488 struct pending_message_list *msg;
490 msg = TALLOC_ZERO_P(NULL, struct pending_message_list);
493 DEBUG(0,("push_message: malloc fail (1)\n"));
497 msg->buf = data_blob_talloc(msg, req->inbuf, msg_len);
498 if(msg->buf.data == NULL) {
499 DEBUG(0,("push_message: malloc fail (2)\n"));
504 msg->request_time = request_time;
505 msg->end_time = end_time;
506 msg->encrypted = req->encrypted;
509 msg->private_data = data_blob_talloc(msg, private_data,
511 if (msg->private_data.data == NULL) {
512 DEBUG(0,("push_message: malloc fail (3)\n"));
518 DLIST_ADD_END(deferred_open_queue, msg, struct pending_message_list *);
520 DEBUG(10,("push_message: pushed message length %u on "
521 "deferred_open_queue\n", (unsigned int)msg_len));
526 /****************************************************************************
527 Function to delete a sharing violation open message by mid.
528 ****************************************************************************/
530 void remove_deferred_open_smb_message(uint16 mid)
532 struct pending_message_list *pml;
534 for (pml = deferred_open_queue; pml; pml = pml->next) {
535 if (mid == SVAL(pml->buf.data,smb_mid)) {
536 DEBUG(10,("remove_sharing_violation_open_smb_message: "
537 "deleting mid %u len %u\n",
539 (unsigned int)pml->buf.length ));
540 DLIST_REMOVE(deferred_open_queue, pml);
547 /****************************************************************************
548 Move a sharing violation open retry message to the front of the list and
549 schedule it for immediate processing.
550 ****************************************************************************/
552 void schedule_deferred_open_smb_message(uint16 mid)
554 struct pending_message_list *pml;
557 for (pml = deferred_open_queue; pml; pml = pml->next) {
558 uint16 msg_mid = SVAL(pml->buf.data,smb_mid);
559 DEBUG(10,("schedule_deferred_open_smb_message: [%d] msg_mid = %u\n", i++,
560 (unsigned int)msg_mid ));
561 if (mid == msg_mid) {
562 DEBUG(10,("schedule_deferred_open_smb_message: scheduling mid %u\n",
564 pml->end_time.tv_sec = 0;
565 pml->end_time.tv_usec = 0;
566 DLIST_PROMOTE(deferred_open_queue, pml);
571 DEBUG(10,("schedule_deferred_open_smb_message: failed to find message mid %u\n",
575 /****************************************************************************
576 Return true if this mid is on the deferred queue.
577 ****************************************************************************/
579 bool open_was_deferred(uint16 mid)
581 struct pending_message_list *pml;
583 for (pml = deferred_open_queue; pml; pml = pml->next) {
584 if (SVAL(pml->buf.data,smb_mid) == mid) {
591 /****************************************************************************
592 Return the message queued by this mid.
593 ****************************************************************************/
595 struct pending_message_list *get_open_deferred_message(uint16 mid)
597 struct pending_message_list *pml;
599 for (pml = deferred_open_queue; pml; pml = pml->next) {
600 if (SVAL(pml->buf.data,smb_mid) == mid) {
607 /****************************************************************************
608 Function to push a deferred open smb message onto a linked list of local smb
609 messages ready for processing.
610 ****************************************************************************/
612 bool push_deferred_smb_message(struct smb_request *req,
613 struct timeval request_time,
614 struct timeval timeout,
615 char *private_data, size_t priv_len)
617 struct timeval end_time;
619 if (req->unread_bytes) {
620 DEBUG(0,("push_deferred_smb_message: logic error ! "
621 "unread_bytes = %u\n",
622 (unsigned int)req->unread_bytes ));
623 smb_panic("push_deferred_smb_message: "
624 "logic error unread_bytes != 0" );
627 end_time = timeval_sum(&request_time, &timeout);
629 DEBUG(10,("push_deferred_open_smb_message: pushing message len %u mid %u "
630 "timeout time [%u.%06u]\n",
631 (unsigned int) smb_len(req->inbuf)+4, (unsigned int)req->mid,
632 (unsigned int)end_time.tv_sec,
633 (unsigned int)end_time.tv_usec));
635 return push_queued_message(req, request_time, end_time,
636 private_data, priv_len);
640 struct timed_event *te;
641 struct timeval interval;
643 bool (*handler)(const struct timeval *now, void *private_data);
647 static void idle_event_handler(struct event_context *ctx,
648 struct timed_event *te,
649 const struct timeval *now,
652 struct idle_event *event =
653 talloc_get_type_abort(private_data, struct idle_event);
655 TALLOC_FREE(event->te);
657 if (!event->handler(now, event->private_data)) {
658 /* Don't repeat, delete ourselves */
663 event->te = event_add_timed(ctx, event,
664 timeval_sum(now, &event->interval),
666 idle_event_handler, event);
668 /* We can't do much but fail here. */
669 SMB_ASSERT(event->te != NULL);
672 struct idle_event *event_add_idle(struct event_context *event_ctx,
674 struct timeval interval,
676 bool (*handler)(const struct timeval *now,
680 struct idle_event *result;
681 struct timeval now = timeval_current();
683 result = TALLOC_P(mem_ctx, struct idle_event);
684 if (result == NULL) {
685 DEBUG(0, ("talloc failed\n"));
689 result->interval = interval;
690 result->handler = handler;
691 result->private_data = private_data;
693 if (!(result->name = talloc_asprintf(result, "idle_evt(%s)", name))) {
694 DEBUG(0, ("talloc failed\n"));
699 result->te = event_add_timed(event_ctx, result,
700 timeval_sum(&now, &interval),
702 idle_event_handler, result);
703 if (result->te == NULL) {
704 DEBUG(0, ("event_add_timed failed\n"));
712 /****************************************************************************
713 Do all async processing in here. This includes kernel oplock messages, change
715 ****************************************************************************/
717 static void async_processing(fd_set *pfds)
719 DEBUG(10,("async_processing: Doing async processing.\n"));
723 process_kernel_oplocks(smbd_messaging_context(), pfds);
725 /* Do the aio check again after receive_local_message as it does a
726 select and may have eaten our signal. */
727 /* Is this till true? -- vl */
731 exit_server_cleanly("termination signal");
734 /* check for sighup processing */
735 if (reload_after_sighup) {
736 change_to_root_user();
737 DEBUG(1,("Reloading services after SIGHUP\n"));
738 reload_services(False);
739 reload_after_sighup = 0;
743 /****************************************************************************
744 Add a fd to the set we will be select(2)ing on.
745 ****************************************************************************/
747 static int select_on_fd(int fd, int maxfd, fd_set *fds)
751 maxfd = MAX(maxfd, fd);
757 /****************************************************************************
758 Do a select on an two fd's - with timeout.
760 If a local udp message has been pushed onto the
761 queue (this can only happen during oplock break
762 processing) call async_processing()
764 If a pending smb message has been pushed onto the
765 queue (this can only happen during oplock break
766 processing) return this next.
768 If the first smbfd is ready then read an smb from it.
769 if the second (loopback UDP) fd is ready then read a message
770 from it and setup the buffer header to identify the length
772 Returns False on timeout or error.
775 The timeout is in milliseconds
776 ****************************************************************************/
778 static bool receive_message_or_smb(TALLOC_CTX *mem_ctx,
792 set_smb_read_error(get_srv_read_error(),SMB_READ_OK);
797 to.tv_sec = timeout / 1000;
798 to.tv_usec = (timeout % 1000) * 1000;
800 to.tv_sec = SMBD_SELECT_TIMEOUT;
805 * Note that this call must be before processing any SMB
806 * messages as we need to synchronously process any messages
807 * we may have sent to ourselves from the previous SMB.
809 message_dispatch(smbd_messaging_context());
812 * Check to see if we already have a message on the deferred open queue
813 * and it's time to schedule.
815 if(deferred_open_queue != NULL) {
816 bool pop_message = False;
817 struct pending_message_list *msg = deferred_open_queue;
819 if (timeval_is_zero(&msg->end_time)) {
826 tdif = usec_time_diff(&msg->end_time, &tv);
828 /* Timed out. Schedule...*/
830 DEBUG(10,("receive_message_or_smb: queued message timed out.\n"));
832 /* Make a more accurate select timeout. */
833 to.tv_sec = tdif / 1000000;
834 to.tv_usec = tdif % 1000000;
835 DEBUG(10,("receive_message_or_smb: select with timeout of [%u.%06u]\n",
836 (unsigned int)to.tv_sec, (unsigned int)to.tv_usec ));
842 *buffer = (char *)talloc_memdup(mem_ctx, msg->buf.data,
844 if (*buffer == NULL) {
845 DEBUG(0, ("talloc failed\n"));
846 set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
849 *buffer_len = msg->buf.length;
850 *p_encrypted = msg->encrypted;
852 /* We leave this message on the queue so the open code can
853 know this is a retry. */
854 DEBUG(5,("receive_message_or_smb: returning deferred open smb message.\n"));
860 * Setup the select fd sets.
867 * Ensure we process oplock break messages by preference.
868 * We have to do this before the select, after the select
869 * and if the select returns EINTR. This is due to the fact
870 * that the selects called from async_processing can eat an EINTR
871 * caused by a signal (we can't take the break message there).
872 * This is hideously complex - *MUST* be simplified for 3.0 ! JRA.
875 if (oplock_message_waiting(&r_fds)) {
876 DEBUG(10,("receive_message_or_smb: oplock_message is waiting.\n"));
877 async_processing(&r_fds);
879 * After async processing we must go and do the select again, as
880 * the state of the flag in fds for the server file descriptor is
881 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
887 * Are there any timed events waiting ? If so, ensure we don't
888 * select for longer than it would take to wait for them.
895 event_add_to_select_args(smbd_event_context(), &now,
896 &r_fds, &w_fds, &to, &maxfd);
899 if (timeval_is_zero(&to)) {
900 /* Process a timed event now... */
901 if (run_events(smbd_event_context(), 0, NULL, NULL)) {
908 START_PROFILE(smbd_idle);
910 maxfd = select_on_fd(smbd_server_fd(), maxfd, &r_fds);
911 maxfd = select_on_fd(oplock_notify_fd(), maxfd, &r_fds);
913 selrtn = sys_select(maxfd+1,&r_fds,&w_fds,NULL,&to);
916 END_PROFILE(smbd_idle);
920 if (run_events(smbd_event_context(), selrtn, &r_fds, &w_fds)) {
924 /* if we get EINTR then maybe we have received an oplock
925 signal - treat this as select returning 1. This is ugly, but
926 is the best we can do until the oplock code knows more about
928 if (selrtn == -1 && errno == EINTR) {
929 async_processing(&r_fds);
931 * After async processing we must go and do the select again, as
932 * the state of the flag in fds for the server file descriptor is
933 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
940 /* something is wrong. Maybe the socket is dead? */
941 set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
945 /* Did we timeout ? */
947 set_smb_read_error(get_srv_read_error(),SMB_READ_TIMEOUT);
952 * Ensure we process oplock break messages by preference.
953 * This is IMPORTANT ! Otherwise we can starve other processes
954 * sending us an oplock break message. JRA.
957 if (oplock_message_waiting(&r_fds)) {
958 async_processing(&r_fds);
960 * After async processing we must go and do the select again, as
961 * the state of the flag in fds for the server file descriptor is
962 * indeterminate - we may have done I/O on it in the oplock processing. JRA.
967 len = receive_smb_talloc(mem_ctx, smbd_server_fd(),
968 buffer, 0, p_unread, p_encrypted);
974 *buffer_len = (size_t)len;
980 * Only allow 5 outstanding trans requests. We're allocating memory, so
984 NTSTATUS allow_new_trans(struct trans_state *list, int mid)
987 for (; list != NULL; list = list->next) {
989 if (list->mid == mid) {
990 return NT_STATUS_INVALID_PARAMETER;
996 return NT_STATUS_INSUFFICIENT_RESOURCES;
1002 /****************************************************************************
1003 We're terminating and have closed all our files/connections etc.
1004 If there are any pending local messages we need to respond to them
1005 before termination so that other smbds don't think we just died whilst
1007 ****************************************************************************/
1009 void respond_to_all_remaining_local_messages(void)
1012 * Assert we have no exclusive open oplocks.
1015 if(get_number_of_exclusive_open_oplocks()) {
1016 DEBUG(0,("respond_to_all_remaining_local_messages: PANIC : we have %d exclusive oplocks.\n",
1017 get_number_of_exclusive_open_oplocks() ));
1021 process_kernel_oplocks(smbd_messaging_context(), NULL);
1028 These flags determine some of the permissions required to do an operation
1030 Note that I don't set NEED_WRITE on some write operations because they
1031 are used by some brain-dead clients when printing, and I don't want to
1032 force write permissions on print services.
1034 #define AS_USER (1<<0)
1035 #define NEED_WRITE (1<<1) /* Must be paired with AS_USER */
1036 #define TIME_INIT (1<<2)
1037 #define CAN_IPC (1<<3) /* Must be paired with AS_USER */
1038 #define AS_GUEST (1<<5) /* Must *NOT* be paired with AS_USER */
1039 #define DO_CHDIR (1<<6)
1042 define a list of possible SMB messages and their corresponding
1043 functions. Any message that has a NULL function is unimplemented -
1044 please feel free to contribute implementations!
1046 static const struct smb_message_struct {
1048 void (*fn_new)(struct smb_request *req);
1050 } smb_messages[256] = {
1052 /* 0x00 */ { "SMBmkdir",reply_mkdir,AS_USER | NEED_WRITE},
1053 /* 0x01 */ { "SMBrmdir",reply_rmdir,AS_USER | NEED_WRITE},
1054 /* 0x02 */ { "SMBopen",reply_open,AS_USER },
1055 /* 0x03 */ { "SMBcreate",reply_mknew,AS_USER},
1056 /* 0x04 */ { "SMBclose",reply_close,AS_USER | CAN_IPC },
1057 /* 0x05 */ { "SMBflush",reply_flush,AS_USER},
1058 /* 0x06 */ { "SMBunlink",reply_unlink,AS_USER | NEED_WRITE },
1059 /* 0x07 */ { "SMBmv",reply_mv,AS_USER | NEED_WRITE },
1060 /* 0x08 */ { "SMBgetatr",reply_getatr,AS_USER},
1061 /* 0x09 */ { "SMBsetatr",reply_setatr,AS_USER | NEED_WRITE},
1062 /* 0x0a */ { "SMBread",reply_read,AS_USER},
1063 /* 0x0b */ { "SMBwrite",reply_write,AS_USER | CAN_IPC },
1064 /* 0x0c */ { "SMBlock",reply_lock,AS_USER},
1065 /* 0x0d */ { "SMBunlock",reply_unlock,AS_USER},
1066 /* 0x0e */ { "SMBctemp",reply_ctemp,AS_USER },
1067 /* 0x0f */ { "SMBmknew",reply_mknew,AS_USER},
1068 /* 0x10 */ { "SMBcheckpath",reply_checkpath,AS_USER},
1069 /* 0x11 */ { "SMBexit",reply_exit,DO_CHDIR},
1070 /* 0x12 */ { "SMBlseek",reply_lseek,AS_USER},
1071 /* 0x13 */ { "SMBlockread",reply_lockread,AS_USER},
1072 /* 0x14 */ { "SMBwriteunlock",reply_writeunlock,AS_USER},
1073 /* 0x15 */ { NULL, NULL, 0 },
1074 /* 0x16 */ { NULL, NULL, 0 },
1075 /* 0x17 */ { NULL, NULL, 0 },
1076 /* 0x18 */ { NULL, NULL, 0 },
1077 /* 0x19 */ { NULL, NULL, 0 },
1078 /* 0x1a */ { "SMBreadbraw",reply_readbraw,AS_USER},
1079 /* 0x1b */ { "SMBreadBmpx",reply_readbmpx,AS_USER},
1080 /* 0x1c */ { "SMBreadBs",reply_readbs,AS_USER },
1081 /* 0x1d */ { "SMBwritebraw",reply_writebraw,AS_USER},
1082 /* 0x1e */ { "SMBwriteBmpx",reply_writebmpx,AS_USER},
1083 /* 0x1f */ { "SMBwriteBs",reply_writebs,AS_USER},
1084 /* 0x20 */ { "SMBwritec", NULL,0},
1085 /* 0x21 */ { NULL, NULL, 0 },
1086 /* 0x22 */ { "SMBsetattrE",reply_setattrE,AS_USER | NEED_WRITE },
1087 /* 0x23 */ { "SMBgetattrE",reply_getattrE,AS_USER },
1088 /* 0x24 */ { "SMBlockingX",reply_lockingX,AS_USER },
1089 /* 0x25 */ { "SMBtrans",reply_trans,AS_USER | CAN_IPC },
1090 /* 0x26 */ { "SMBtranss",reply_transs,AS_USER | CAN_IPC},
1091 /* 0x27 */ { "SMBioctl",reply_ioctl,0},
1092 /* 0x28 */ { "SMBioctls", NULL,AS_USER},
1093 /* 0x29 */ { "SMBcopy",reply_copy,AS_USER | NEED_WRITE },
1094 /* 0x2a */ { "SMBmove", NULL,AS_USER | NEED_WRITE },
1095 /* 0x2b */ { "SMBecho",reply_echo,0},
1096 /* 0x2c */ { "SMBwriteclose",reply_writeclose,AS_USER},
1097 /* 0x2d */ { "SMBopenX",reply_open_and_X,AS_USER | CAN_IPC },
1098 /* 0x2e */ { "SMBreadX",reply_read_and_X,AS_USER | CAN_IPC },
1099 /* 0x2f */ { "SMBwriteX",reply_write_and_X,AS_USER | CAN_IPC },
1100 /* 0x30 */ { NULL, NULL, 0 },
1101 /* 0x31 */ { NULL, NULL, 0 },
1102 /* 0x32 */ { "SMBtrans2",reply_trans2, AS_USER | CAN_IPC },
1103 /* 0x33 */ { "SMBtranss2",reply_transs2, AS_USER},
1104 /* 0x34 */ { "SMBfindclose",reply_findclose,AS_USER},
1105 /* 0x35 */ { "SMBfindnclose",reply_findnclose,AS_USER},
1106 /* 0x36 */ { NULL, NULL, 0 },
1107 /* 0x37 */ { NULL, NULL, 0 },
1108 /* 0x38 */ { NULL, NULL, 0 },
1109 /* 0x39 */ { NULL, NULL, 0 },
1110 /* 0x3a */ { NULL, NULL, 0 },
1111 /* 0x3b */ { NULL, NULL, 0 },
1112 /* 0x3c */ { NULL, NULL, 0 },
1113 /* 0x3d */ { NULL, NULL, 0 },
1114 /* 0x3e */ { NULL, NULL, 0 },
1115 /* 0x3f */ { NULL, NULL, 0 },
1116 /* 0x40 */ { NULL, NULL, 0 },
1117 /* 0x41 */ { NULL, NULL, 0 },
1118 /* 0x42 */ { NULL, NULL, 0 },
1119 /* 0x43 */ { NULL, NULL, 0 },
1120 /* 0x44 */ { NULL, NULL, 0 },
1121 /* 0x45 */ { NULL, NULL, 0 },
1122 /* 0x46 */ { NULL, NULL, 0 },
1123 /* 0x47 */ { NULL, NULL, 0 },
1124 /* 0x48 */ { NULL, NULL, 0 },
1125 /* 0x49 */ { NULL, NULL, 0 },
1126 /* 0x4a */ { NULL, NULL, 0 },
1127 /* 0x4b */ { NULL, NULL, 0 },
1128 /* 0x4c */ { NULL, NULL, 0 },
1129 /* 0x4d */ { NULL, NULL, 0 },
1130 /* 0x4e */ { NULL, NULL, 0 },
1131 /* 0x4f */ { NULL, NULL, 0 },
1132 /* 0x50 */ { NULL, NULL, 0 },
1133 /* 0x51 */ { NULL, NULL, 0 },
1134 /* 0x52 */ { NULL, NULL, 0 },
1135 /* 0x53 */ { NULL, NULL, 0 },
1136 /* 0x54 */ { NULL, NULL, 0 },
1137 /* 0x55 */ { NULL, NULL, 0 },
1138 /* 0x56 */ { NULL, NULL, 0 },
1139 /* 0x57 */ { NULL, NULL, 0 },
1140 /* 0x58 */ { NULL, NULL, 0 },
1141 /* 0x59 */ { NULL, NULL, 0 },
1142 /* 0x5a */ { NULL, NULL, 0 },
1143 /* 0x5b */ { NULL, NULL, 0 },
1144 /* 0x5c */ { NULL, NULL, 0 },
1145 /* 0x5d */ { NULL, NULL, 0 },
1146 /* 0x5e */ { NULL, NULL, 0 },
1147 /* 0x5f */ { NULL, NULL, 0 },
1148 /* 0x60 */ { NULL, NULL, 0 },
1149 /* 0x61 */ { NULL, NULL, 0 },
1150 /* 0x62 */ { NULL, NULL, 0 },
1151 /* 0x63 */ { NULL, NULL, 0 },
1152 /* 0x64 */ { NULL, NULL, 0 },
1153 /* 0x65 */ { NULL, NULL, 0 },
1154 /* 0x66 */ { NULL, NULL, 0 },
1155 /* 0x67 */ { NULL, NULL, 0 },
1156 /* 0x68 */ { NULL, NULL, 0 },
1157 /* 0x69 */ { NULL, NULL, 0 },
1158 /* 0x6a */ { NULL, NULL, 0 },
1159 /* 0x6b */ { NULL, NULL, 0 },
1160 /* 0x6c */ { NULL, NULL, 0 },
1161 /* 0x6d */ { NULL, NULL, 0 },
1162 /* 0x6e */ { NULL, NULL, 0 },
1163 /* 0x6f */ { NULL, NULL, 0 },
1164 /* 0x70 */ { "SMBtcon",reply_tcon,0},
1165 /* 0x71 */ { "SMBtdis",reply_tdis,DO_CHDIR},
1166 /* 0x72 */ { "SMBnegprot",reply_negprot,0},
1167 /* 0x73 */ { "SMBsesssetupX",reply_sesssetup_and_X,0},
1168 /* 0x74 */ { "SMBulogoffX",reply_ulogoffX, 0}, /* ulogoff doesn't give a valid TID */
1169 /* 0x75 */ { "SMBtconX",reply_tcon_and_X,0},
1170 /* 0x76 */ { NULL, NULL, 0 },
1171 /* 0x77 */ { NULL, NULL, 0 },
1172 /* 0x78 */ { NULL, NULL, 0 },
1173 /* 0x79 */ { NULL, NULL, 0 },
1174 /* 0x7a */ { NULL, NULL, 0 },
1175 /* 0x7b */ { NULL, NULL, 0 },
1176 /* 0x7c */ { NULL, NULL, 0 },
1177 /* 0x7d */ { NULL, NULL, 0 },
1178 /* 0x7e */ { NULL, NULL, 0 },
1179 /* 0x7f */ { NULL, NULL, 0 },
1180 /* 0x80 */ { "SMBdskattr",reply_dskattr,AS_USER},
1181 /* 0x81 */ { "SMBsearch",reply_search,AS_USER},
1182 /* 0x82 */ { "SMBffirst",reply_search,AS_USER},
1183 /* 0x83 */ { "SMBfunique",reply_search,AS_USER},
1184 /* 0x84 */ { "SMBfclose",reply_fclose,AS_USER},
1185 /* 0x85 */ { NULL, NULL, 0 },
1186 /* 0x86 */ { NULL, NULL, 0 },
1187 /* 0x87 */ { NULL, NULL, 0 },
1188 /* 0x88 */ { NULL, NULL, 0 },
1189 /* 0x89 */ { NULL, NULL, 0 },
1190 /* 0x8a */ { NULL, NULL, 0 },
1191 /* 0x8b */ { NULL, NULL, 0 },
1192 /* 0x8c */ { NULL, NULL, 0 },
1193 /* 0x8d */ { NULL, NULL, 0 },
1194 /* 0x8e */ { NULL, NULL, 0 },
1195 /* 0x8f */ { NULL, NULL, 0 },
1196 /* 0x90 */ { NULL, NULL, 0 },
1197 /* 0x91 */ { NULL, NULL, 0 },
1198 /* 0x92 */ { NULL, NULL, 0 },
1199 /* 0x93 */ { NULL, NULL, 0 },
1200 /* 0x94 */ { NULL, NULL, 0 },
1201 /* 0x95 */ { NULL, NULL, 0 },
1202 /* 0x96 */ { NULL, NULL, 0 },
1203 /* 0x97 */ { NULL, NULL, 0 },
1204 /* 0x98 */ { NULL, NULL, 0 },
1205 /* 0x99 */ { NULL, NULL, 0 },
1206 /* 0x9a */ { NULL, NULL, 0 },
1207 /* 0x9b */ { NULL, NULL, 0 },
1208 /* 0x9c */ { NULL, NULL, 0 },
1209 /* 0x9d */ { NULL, NULL, 0 },
1210 /* 0x9e */ { NULL, NULL, 0 },
1211 /* 0x9f */ { NULL, NULL, 0 },
1212 /* 0xa0 */ { "SMBnttrans",reply_nttrans, AS_USER | CAN_IPC },
1213 /* 0xa1 */ { "SMBnttranss",reply_nttranss, AS_USER | CAN_IPC },
1214 /* 0xa2 */ { "SMBntcreateX",reply_ntcreate_and_X, AS_USER | CAN_IPC },
1215 /* 0xa3 */ { NULL, NULL, 0 },
1216 /* 0xa4 */ { "SMBntcancel",reply_ntcancel, 0 },
1217 /* 0xa5 */ { "SMBntrename",reply_ntrename, AS_USER | NEED_WRITE },
1218 /* 0xa6 */ { NULL, NULL, 0 },
1219 /* 0xa7 */ { NULL, NULL, 0 },
1220 /* 0xa8 */ { NULL, NULL, 0 },
1221 /* 0xa9 */ { NULL, NULL, 0 },
1222 /* 0xaa */ { NULL, NULL, 0 },
1223 /* 0xab */ { NULL, NULL, 0 },
1224 /* 0xac */ { NULL, NULL, 0 },
1225 /* 0xad */ { NULL, NULL, 0 },
1226 /* 0xae */ { NULL, NULL, 0 },
1227 /* 0xaf */ { NULL, NULL, 0 },
1228 /* 0xb0 */ { NULL, NULL, 0 },
1229 /* 0xb1 */ { NULL, NULL, 0 },
1230 /* 0xb2 */ { NULL, NULL, 0 },
1231 /* 0xb3 */ { NULL, NULL, 0 },
1232 /* 0xb4 */ { NULL, NULL, 0 },
1233 /* 0xb5 */ { NULL, NULL, 0 },
1234 /* 0xb6 */ { NULL, NULL, 0 },
1235 /* 0xb7 */ { NULL, NULL, 0 },
1236 /* 0xb8 */ { NULL, NULL, 0 },
1237 /* 0xb9 */ { NULL, NULL, 0 },
1238 /* 0xba */ { NULL, NULL, 0 },
1239 /* 0xbb */ { NULL, NULL, 0 },
1240 /* 0xbc */ { NULL, NULL, 0 },
1241 /* 0xbd */ { NULL, NULL, 0 },
1242 /* 0xbe */ { NULL, NULL, 0 },
1243 /* 0xbf */ { NULL, NULL, 0 },
1244 /* 0xc0 */ { "SMBsplopen",reply_printopen,AS_USER},
1245 /* 0xc1 */ { "SMBsplwr",reply_printwrite,AS_USER},
1246 /* 0xc2 */ { "SMBsplclose",reply_printclose,AS_USER},
1247 /* 0xc3 */ { "SMBsplretq",reply_printqueue,AS_USER},
1248 /* 0xc4 */ { NULL, NULL, 0 },
1249 /* 0xc5 */ { NULL, NULL, 0 },
1250 /* 0xc6 */ { NULL, NULL, 0 },
1251 /* 0xc7 */ { NULL, NULL, 0 },
1252 /* 0xc8 */ { NULL, NULL, 0 },
1253 /* 0xc9 */ { NULL, NULL, 0 },
1254 /* 0xca */ { NULL, NULL, 0 },
1255 /* 0xcb */ { NULL, NULL, 0 },
1256 /* 0xcc */ { NULL, NULL, 0 },
1257 /* 0xcd */ { NULL, NULL, 0 },
1258 /* 0xce */ { NULL, NULL, 0 },
1259 /* 0xcf */ { NULL, NULL, 0 },
1260 /* 0xd0 */ { "SMBsends",reply_sends,AS_GUEST},
1261 /* 0xd1 */ { "SMBsendb", NULL,AS_GUEST},
1262 /* 0xd2 */ { "SMBfwdname", NULL,AS_GUEST},
1263 /* 0xd3 */ { "SMBcancelf", NULL,AS_GUEST},
1264 /* 0xd4 */ { "SMBgetmac", NULL,AS_GUEST},
1265 /* 0xd5 */ { "SMBsendstrt",reply_sendstrt,AS_GUEST},
1266 /* 0xd6 */ { "SMBsendend",reply_sendend,AS_GUEST},
1267 /* 0xd7 */ { "SMBsendtxt",reply_sendtxt,AS_GUEST},
1268 /* 0xd8 */ { NULL, NULL, 0 },
1269 /* 0xd9 */ { NULL, NULL, 0 },
1270 /* 0xda */ { NULL, NULL, 0 },
1271 /* 0xdb */ { NULL, NULL, 0 },
1272 /* 0xdc */ { NULL, NULL, 0 },
1273 /* 0xdd */ { NULL, NULL, 0 },
1274 /* 0xde */ { NULL, NULL, 0 },
1275 /* 0xdf */ { NULL, NULL, 0 },
1276 /* 0xe0 */ { NULL, NULL, 0 },
1277 /* 0xe1 */ { NULL, NULL, 0 },
1278 /* 0xe2 */ { NULL, NULL, 0 },
1279 /* 0xe3 */ { NULL, NULL, 0 },
1280 /* 0xe4 */ { NULL, NULL, 0 },
1281 /* 0xe5 */ { NULL, NULL, 0 },
1282 /* 0xe6 */ { NULL, NULL, 0 },
1283 /* 0xe7 */ { NULL, NULL, 0 },
1284 /* 0xe8 */ { NULL, NULL, 0 },
1285 /* 0xe9 */ { NULL, NULL, 0 },
1286 /* 0xea */ { NULL, NULL, 0 },
1287 /* 0xeb */ { NULL, NULL, 0 },
1288 /* 0xec */ { NULL, NULL, 0 },
1289 /* 0xed */ { NULL, NULL, 0 },
1290 /* 0xee */ { NULL, NULL, 0 },
1291 /* 0xef */ { NULL, NULL, 0 },
1292 /* 0xf0 */ { NULL, NULL, 0 },
1293 /* 0xf1 */ { NULL, NULL, 0 },
1294 /* 0xf2 */ { NULL, NULL, 0 },
1295 /* 0xf3 */ { NULL, NULL, 0 },
1296 /* 0xf4 */ { NULL, NULL, 0 },
1297 /* 0xf5 */ { NULL, NULL, 0 },
1298 /* 0xf6 */ { NULL, NULL, 0 },
1299 /* 0xf7 */ { NULL, NULL, 0 },
1300 /* 0xf8 */ { NULL, NULL, 0 },
1301 /* 0xf9 */ { NULL, NULL, 0 },
1302 /* 0xfa */ { NULL, NULL, 0 },
1303 /* 0xfb */ { NULL, NULL, 0 },
1304 /* 0xfc */ { NULL, NULL, 0 },
1305 /* 0xfd */ { NULL, NULL, 0 },
1306 /* 0xfe */ { NULL, NULL, 0 },
1307 /* 0xff */ { NULL, NULL, 0 }
1311 /*******************************************************************
1312 allocate and initialize a reply packet
1313 ********************************************************************/
1315 void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes)
1318 * Protect against integer wrap
1320 if ((num_bytes > 0xffffff)
1321 || ((num_bytes + smb_size + num_words*2) > 0xffffff)) {
1323 asprintf(&msg, "num_bytes too large: %u",
1324 (unsigned)num_bytes);
1328 if (!(req->outbuf = TALLOC_ARRAY(
1330 smb_size + num_words*2 + num_bytes))) {
1331 smb_panic("could not allocate output buffer\n");
1334 construct_reply_common((char *)req->inbuf, (char *)req->outbuf);
1335 srv_set_message((char *)req->outbuf, num_words, num_bytes, false);
1337 * Zero out the word area, the caller has to take care of the bcc area
1340 if (num_words != 0) {
1341 memset(req->outbuf + smb_vwv0, 0, num_words*2);
1348 /*******************************************************************
1349 Dump a packet to a file.
1350 ********************************************************************/
1352 static void smb_dump(const char *name, int type, const char *data, ssize_t len)
1356 if (DEBUGLEVEL < 50) {
1360 if (len < 4) len = smb_len(data)+4;
1361 for (i=1;i<100;i++) {
1362 asprintf(&fname, "/tmp/%s.%d.%s", name, i,
1363 type ? "req" : "resp");
1367 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
1368 if (fd != -1 || errno != EEXIST) break;
1371 ssize_t ret = write(fd, data, len);
1373 DEBUG(0,("smb_dump: problem: write returned %d\n", (int)ret ));
1375 DEBUG(0,("created %s len %lu\n", fname, (unsigned long)len));
1380 /****************************************************************************
1381 Prepare everything for calling the actual request function, and potentially
1382 call the request function via the "new" interface.
1384 Return False if the "legacy" function needs to be called, everything is
1387 Return True if we're done.
1389 I know this API sucks, but it is the one with the least code change I could
1391 ****************************************************************************/
1393 static connection_struct *switch_message(uint8 type, struct smb_request *req, int size)
1397 connection_struct *conn = NULL;
1399 static uint16 last_session_tag = UID_FIELD_INVALID;
1403 /* Make sure this is an SMB packet. smb_size contains NetBIOS header
1404 * so subtract 4 from it. */
1405 if (!valid_smb_header(req->inbuf)
1406 || (size < (smb_size - 4))) {
1407 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
1408 smb_len(req->inbuf)));
1409 exit_server_cleanly("Non-SMB packet");
1412 if (smb_messages[type].fn_new == NULL) {
1413 DEBUG(0,("Unknown message type %d!\n",type));
1414 smb_dump("Unknown", 1, (char *)req->inbuf, size);
1415 reply_unknown_new(req, type);
1419 flags = smb_messages[type].flags;
1421 /* In share mode security we must ignore the vuid. */
1422 session_tag = (lp_security() == SEC_SHARE)
1423 ? UID_FIELD_INVALID : req->vuid;
1426 DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
1427 (int)sys_getpid(), (unsigned long)conn));
1429 smb_dump(smb_fn_name(type), 1, (char *)req->inbuf, size);
1431 /* Ensure this value is replaced in the incoming packet. */
1432 SSVAL(req->inbuf,smb_uid,session_tag);
1435 * Ensure the correct username is in current_user_info. This is a
1436 * really ugly bugfix for problems with multiple session_setup_and_X's
1437 * being done and allowing %U and %G substitutions to work correctly.
1438 * There is a reason this code is done here, don't move it unless you
1439 * know what you're doing... :-).
1443 if (session_tag != last_session_tag) {
1444 user_struct *vuser = NULL;
1446 last_session_tag = session_tag;
1447 if(session_tag != UID_FIELD_INVALID) {
1448 vuser = get_valid_user_struct(session_tag);
1450 set_current_user_info(&vuser->user);
1455 /* Does this call need to be run as the connected user? */
1456 if (flags & AS_USER) {
1458 /* Does this call need a valid tree connection? */
1461 * Amazingly, the error code depends on the command
1464 if (type == SMBntcreateX) {
1465 reply_nterror(req, NT_STATUS_INVALID_HANDLE);
1467 reply_doserror(req, ERRSRV, ERRinvnid);
1472 if (!change_to_user(conn,session_tag)) {
1473 reply_nterror(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
1477 /* All NEED_WRITE and CAN_IPC flags must also have AS_USER. */
1479 /* Does it need write permission? */
1480 if ((flags & NEED_WRITE) && !CAN_WRITE(conn)) {
1481 reply_nterror(req, NT_STATUS_MEDIA_WRITE_PROTECTED);
1485 /* IPC services are limited */
1486 if (IS_IPC(conn) && !(flags & CAN_IPC)) {
1487 reply_doserror(req, ERRSRV,ERRaccess);
1491 /* This call needs to be run as root */
1492 change_to_root_user();
1495 /* load service specific parameters */
1497 if (req->encrypted) {
1498 conn->encrypted_tid = true;
1499 /* encrypted required from now on. */
1500 conn->encrypt_level = Required;
1501 } else if (ENCRYPTION_REQUIRED(conn)) {
1502 uint8 com = CVAL(req->inbuf,smb_com);
1503 if (com != SMBtrans2 && com != SMBtranss2) {
1504 exit_server_cleanly("encryption required "
1510 if (!set_current_service(conn,SVAL(req->inbuf,smb_flg),
1511 (flags & (AS_USER|DO_CHDIR)
1513 reply_doserror(req, ERRSRV, ERRaccess);
1516 conn->num_smb_operations++;
1519 /* does this protocol need to be run as guest? */
1520 if ((flags & AS_GUEST)
1521 && (!change_to_guest() ||
1522 !check_access(smbd_server_fd(), lp_hostsallow(-1),
1523 lp_hostsdeny(-1)))) {
1524 reply_doserror(req, ERRSRV, ERRaccess);
1528 smb_messages[type].fn_new(req);
1532 /****************************************************************************
1533 Construct a reply to the incoming packet.
1534 ****************************************************************************/
1536 static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool encrypted)
1538 uint8 type = CVAL(inbuf,smb_com);
1539 connection_struct *conn;
1540 struct smb_request *req;
1546 if (!(req = talloc(talloc_tos(), struct smb_request))) {
1547 smb_panic("could not allocate smb_request");
1549 init_smb_request(req, (uint8 *)inbuf, unread_bytes, encrypted);
1551 conn = switch_message(type, req, size);
1553 if (req->unread_bytes) {
1554 /* writeX failed. drain socket. */
1555 if (drain_socket(smbd_server_fd(), req->unread_bytes) !=
1556 req->unread_bytes) {
1557 smb_panic("failed to drain pending bytes");
1559 req->unread_bytes = 0;
1562 if (req->outbuf == NULL) {
1566 if (CVAL(req->outbuf,0) == 0) {
1567 show_msg((char *)req->outbuf);
1570 if (!srv_send_smb(smbd_server_fd(),
1571 (char *)req->outbuf,
1572 IS_CONN_ENCRYPTED(conn)||req->encrypted)) {
1573 exit_server_cleanly("construct_reply: srv_send_smb failed.");
1581 /****************************************************************************
1582 Process an smb from the client
1583 ****************************************************************************/
1585 static void process_smb(char *inbuf, size_t nread, size_t unread_bytes, bool encrypted)
1587 static int trans_num;
1588 int msg_type = CVAL(inbuf,0);
1590 DO_PROFILE_INC(smb_count);
1592 if (trans_num == 0) {
1593 char addr[INET6_ADDRSTRLEN];
1595 /* on the first packet, check the global hosts allow/ hosts
1596 deny parameters before doing any parsing of the packet
1597 passed to us by the client. This prevents attacks on our
1598 parsing code from hosts not in the hosts allow list */
1600 if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
1601 lp_hostsdeny(-1))) {
1602 /* send a negative session response "not listening on calling name" */
1603 static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
1604 DEBUG( 1, ( "Connection denied from %s\n",
1605 client_addr(get_client_fd(),addr,sizeof(addr)) ) );
1606 (void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
1607 exit_server_cleanly("connection denied");
1611 DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
1613 DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num,
1615 (unsigned int)unread_bytes ));
1617 if (msg_type != 0) {
1619 * NetBIOS session request, keepalive, etc.
1621 reply_special(inbuf);
1627 construct_reply(inbuf,nread,unread_bytes,encrypted);
1632 /****************************************************************************
1633 Return a string containing the function name of a SMB command.
1634 ****************************************************************************/
1636 const char *smb_fn_name(int type)
1638 const char *unknown_name = "SMBunknown";
1640 if (smb_messages[type].name == NULL)
1641 return(unknown_name);
1643 return(smb_messages[type].name);
1646 /****************************************************************************
1647 Helper functions for contruct_reply.
1648 ****************************************************************************/
1650 static uint32 common_flags2 = FLAGS2_LONG_PATH_COMPONENTS|FLAGS2_32_BIT_ERROR_CODES;
1652 void add_to_common_flags2(uint32 v)
1657 void remove_from_common_flags2(uint32 v)
1659 common_flags2 &= ~v;
1662 void construct_reply_common(const char *inbuf, char *outbuf)
1664 srv_set_message(outbuf,0,0,false);
1666 SCVAL(outbuf,smb_com,CVAL(inbuf,smb_com));
1667 SIVAL(outbuf,smb_rcls,0);
1668 SCVAL(outbuf,smb_flg, FLAG_REPLY | (CVAL(inbuf,smb_flg) & FLAG_CASELESS_PATHNAMES));
1669 SSVAL(outbuf,smb_flg2,
1670 (SVAL(inbuf,smb_flg2) & FLAGS2_UNICODE_STRINGS) |
1672 memset(outbuf+smb_pidhigh,'\0',(smb_tid-smb_pidhigh));
1674 SSVAL(outbuf,smb_tid,SVAL(inbuf,smb_tid));
1675 SSVAL(outbuf,smb_pid,SVAL(inbuf,smb_pid));
1676 SSVAL(outbuf,smb_uid,SVAL(inbuf,smb_uid));
1677 SSVAL(outbuf,smb_mid,SVAL(inbuf,smb_mid));
1680 /****************************************************************************
1681 Construct a chained reply and add it to the already made reply
1682 ****************************************************************************/
1684 void chain_reply(struct smb_request *req)
1686 static char *orig_inbuf;
1689 * Dirty little const_discard: We mess with req->inbuf, which is
1690 * declared as const. If maybe at some point this routine gets
1691 * rewritten, this const_discard could go away.
1693 char *inbuf = CONST_DISCARD(char *, req->inbuf);
1694 int size = smb_len(req->inbuf)+4;
1696 int smb_com1, smb_com2 = CVAL(inbuf,smb_vwv0);
1697 unsigned smb_off2 = SVAL(inbuf,smb_vwv1);
1701 char inbuf_saved[smb_wct];
1702 char *outbuf = (char *)req->outbuf;
1703 size_t outsize = smb_len(outbuf) + 4;
1704 size_t outsize_padded;
1705 size_t ofs, to_move;
1707 struct smb_request *req2;
1708 size_t caller_outputlen;
1709 char *caller_output;
1711 /* Maybe its not chained, or it's an error packet. */
1712 if (smb_com2 == 0xFF || SVAL(outbuf,smb_rcls) != 0) {
1713 SCVAL(outbuf,smb_vwv0,0xFF);
1717 if (chain_size == 0) {
1718 /* this is the first part of the chain */
1723 * We need to save the output the caller added to the chain so that we
1724 * can splice it into the final output buffer later.
1727 caller_outputlen = outsize - smb_wct;
1729 caller_output = (char *)memdup(outbuf + smb_wct, caller_outputlen);
1731 if (caller_output == NULL) {
1732 /* TODO: NT_STATUS_NO_MEMORY */
1733 smb_panic("could not dup outbuf");
1737 * The original Win95 redirector dies on a reply to
1738 * a lockingX and read chain unless the chain reply is
1739 * 4 byte aligned. JRA.
1742 outsize_padded = (outsize + 3) & ~3;
1745 * remember how much the caller added to the chain, only counting
1746 * stuff after the parameter words
1748 chain_size += outsize_padded - smb_wct;
1751 * work out pointers into the original packets. The
1752 * headers on these need to be filled in
1754 inbuf2 = orig_inbuf + smb_off2 + 4 - smb_wct;
1756 /* remember the original command type */
1757 smb_com1 = CVAL(orig_inbuf,smb_com);
1759 /* save the data which will be overwritten by the new headers */
1760 memcpy(inbuf_saved,inbuf2,smb_wct);
1762 /* give the new packet the same header as the last part of the SMB */
1763 memmove(inbuf2,inbuf,smb_wct);
1765 /* create the in buffer */
1766 SCVAL(inbuf2,smb_com,smb_com2);
1768 /* work out the new size for the in buffer. */
1769 new_size = size - (inbuf2 - inbuf);
1771 DEBUG(0,("chain_reply: chain packet size incorrect "
1772 "(orig size = %d, offset = %d)\n",
1773 size, (int)(inbuf2 - inbuf) ));
1774 exit_server_cleanly("Bad chained packet");
1778 /* And set it in the header. */
1779 smb_setlen(inbuf2, new_size - 4);
1781 DEBUG(3,("Chained message\n"));
1784 if (!(req2 = talloc(talloc_tos(), struct smb_request))) {
1785 smb_panic("could not allocate smb_request");
1787 init_smb_request(req2, (uint8 *)inbuf2,0, req->encrypted);
1789 /* process the request */
1790 switch_message(smb_com2, req2, new_size);
1793 * We don't accept deferred operations in chained requests.
1795 SMB_ASSERT(req2->outbuf != NULL);
1796 outsize2 = smb_len(req2->outbuf)+4;
1799 * Move away the new command output so that caller_output fits in,
1800 * copy in the caller_output saved above.
1803 SMB_ASSERT(outsize_padded >= smb_wct);
1806 * "ofs" is the space we need for caller_output. Equal to
1807 * caller_outputlen plus the padding.
1810 ofs = outsize_padded - smb_wct;
1813 * "to_move" is the amount of bytes the secondary routine gave us
1816 to_move = outsize2 - smb_wct;
1818 if (to_move + ofs + smb_wct + chain_size > max_send) {
1819 smb_panic("replies too large -- would have to cut");
1823 * In the "new" API "outbuf" is allocated via reply_outbuf, just for
1824 * the first request in the chain. So we have to re-allocate it. In
1825 * the "old" API the only outbuf ever used is the global OutBuffer
1826 * which is always large enough.
1829 outbuf = TALLOC_REALLOC_ARRAY(NULL, outbuf, char,
1830 to_move + ofs + smb_wct);
1831 if (outbuf == NULL) {
1832 smb_panic("could not realloc outbuf");
1835 req->outbuf = (uint8 *)outbuf;
1837 memmove(outbuf + smb_wct + ofs, req2->outbuf + smb_wct, to_move);
1838 memcpy(outbuf + smb_wct, caller_output, caller_outputlen);
1841 * copy the new reply header over the old one but preserve the smb_com
1844 memmove(outbuf, req2->outbuf, smb_wct);
1845 SCVAL(outbuf, smb_com, smb_com1);
1848 * We've just copied in the whole "wct" area from the secondary
1849 * function. Fix up the chaining: com2 and the offset need to be
1853 SCVAL(outbuf, smb_vwv0, smb_com2);
1854 SSVAL(outbuf, smb_vwv1, chain_size + smb_wct - 4);
1856 if (outsize_padded > outsize) {
1859 * Due to padding we have some uninitialized bytes after the
1863 memset(outbuf + outsize, 0, outsize_padded - outsize);
1866 smb_setlen(outbuf, outsize2 + chain_size - 4);
1869 * restore the saved data, being careful not to overwrite any data
1870 * from the reply header
1872 memcpy(inbuf2,inbuf_saved,smb_wct);
1874 SAFE_FREE(caller_output);
1880 /****************************************************************************
1881 Setup the needed select timeout in milliseconds.
1882 ****************************************************************************/
1884 static int setup_select_timeout(void)
1888 select_timeout = SMBD_SELECT_TIMEOUT*1000;
1890 if (print_notify_messages_pending()) {
1891 select_timeout = MIN(select_timeout, 1000);
1894 return select_timeout;
1897 /****************************************************************************
1898 Check if services need reloading.
1899 ****************************************************************************/
1901 void check_reload(time_t t)
1903 static pid_t mypid = 0;
1904 static time_t last_smb_conf_reload_time = 0;
1905 static time_t last_printer_reload_time = 0;
1906 time_t printcap_cache_time = (time_t)lp_printcap_cache_time();
1908 if(last_smb_conf_reload_time == 0) {
1909 last_smb_conf_reload_time = t;
1910 /* Our printing subsystem might not be ready at smbd start up.
1911 Then no printer is available till the first printers check
1912 is performed. A lower initial interval circumvents this. */
1913 if ( printcap_cache_time > 60 )
1914 last_printer_reload_time = t - printcap_cache_time + 60;
1916 last_printer_reload_time = t;
1919 if (mypid != getpid()) { /* First time or fork happened meanwhile */
1920 /* randomize over 60 second the printcap reload to avoid all
1921 * process hitting cupsd at the same time */
1922 int time_range = 60;
1924 last_printer_reload_time += random() % time_range;
1928 if (reload_after_sighup || (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK)) {
1929 reload_services(True);
1930 reload_after_sighup = False;
1931 last_smb_conf_reload_time = t;
1934 /* 'printcap cache time = 0' disable the feature */
1936 if ( printcap_cache_time != 0 )
1938 /* see if it's time to reload or if the clock has been set back */
1940 if ( (t >= last_printer_reload_time+printcap_cache_time)
1941 || (t-last_printer_reload_time < 0) )
1943 DEBUG( 3,( "Printcap cache time expired.\n"));
1945 last_printer_reload_time = t;
1950 /****************************************************************************
1951 Process any timeout housekeeping. Return False if the caller should exit.
1952 ****************************************************************************/
1954 static bool timeout_processing(int *select_timeout,
1955 time_t *last_timeout_processing_time)
1959 if (*get_srv_read_error() == SMB_READ_EOF) {
1960 DEBUG(3,("timeout_processing: End of file from client (client has disconnected).\n"));
1964 if (*get_srv_read_error() == SMB_READ_ERROR) {
1965 DEBUG(3,("timeout_processing: receive_smb error (%s) Exiting\n",
1970 if (*get_srv_read_error() == SMB_READ_BAD_SIG) {
1971 DEBUG(3,("timeout_processing: receive_smb error bad smb signature. Exiting\n"));
1975 *last_timeout_processing_time = t = time(NULL);
1977 /* become root again if waiting */
1978 change_to_root_user();
1980 /* check if we need to reload services */
1983 if(global_machine_password_needs_changing &&
1984 /* for ADS we need to do a regular ADS password change, not a domain
1986 lp_security() == SEC_DOMAIN) {
1988 unsigned char trust_passwd_hash[16];
1992 * We're in domain level security, and the code that
1993 * read the machine password flagged that the machine
1994 * password needs changing.
1998 * First, open the machine password file with an exclusive lock.
2001 if (secrets_lock_trust_account_password(lp_workgroup(), True) == False) {
2002 DEBUG(0,("process: unable to lock the machine account password for \
2003 machine %s in domain %s.\n", global_myname(), lp_workgroup() ));
2007 if(!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd_hash, &lct, NULL)) {
2008 DEBUG(0,("process: unable to read the machine account password for \
2009 machine %s in domain %s.\n", global_myname(), lp_workgroup()));
2010 secrets_lock_trust_account_password(lp_workgroup(), False);
2015 * Make sure someone else hasn't already done this.
2018 if(t < lct + lp_machine_password_timeout()) {
2019 global_machine_password_needs_changing = False;
2020 secrets_lock_trust_account_password(lp_workgroup(), False);
2024 /* always just contact the PDC here */
2026 change_trust_account_password( lp_workgroup(), NULL);
2027 global_machine_password_needs_changing = False;
2028 secrets_lock_trust_account_password(lp_workgroup(), False);
2031 /* update printer queue caches if necessary */
2033 update_monitored_printq_cache();
2036 * Now we are root, check if the log files need pruning.
2037 * Force a log file check.
2039 force_check_log_size();
2042 /* Send any queued printer notify message to interested smbd's. */
2044 print_notify_send_messages(smbd_messaging_context(), 0);
2047 * Modify the select timeout depending upon
2048 * what we have remaining in our queues.
2051 *select_timeout = setup_select_timeout();
2056 /****************************************************************************
2057 Process commands from the client
2058 ****************************************************************************/
2060 void smbd_process(void)
2062 time_t last_timeout_processing_time = time(NULL);
2063 unsigned int num_smbs = 0;
2064 size_t unread_bytes = 0;
2066 max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
2069 int select_timeout = setup_select_timeout();
2073 bool encrypted = false;
2074 TALLOC_CTX *frame = talloc_stackframe();
2078 /* Did someone ask for immediate checks on things like blocking locks ? */
2079 if (select_timeout == 0) {
2080 if(!timeout_processing(&select_timeout,
2081 &last_timeout_processing_time))
2083 num_smbs = 0; /* Reset smb counter. */
2086 run_events(smbd_event_context(), 0, NULL, NULL);
2088 while (!receive_message_or_smb(NULL, &inbuf, &inbuf_len,
2092 if(!timeout_processing(&select_timeout,
2093 &last_timeout_processing_time))
2095 num_smbs = 0; /* Reset smb counter. */
2100 * Ensure we do timeout processing if the SMB we just got was
2101 * only an echo request. This allows us to set the select
2102 * timeout in 'receive_message_or_smb()' to any value we like
2103 * without worrying that the client will send echo requests
2104 * faster than the select timeout, thus starving out the
2105 * essential processing (change notify, blocking locks) that
2106 * the timeout code does. JRA.
2108 num_echos = smb_echo_count;
2110 process_smb(inbuf, inbuf_len, unread_bytes, encrypted);
2114 if (smb_echo_count != num_echos) {
2115 if(!timeout_processing( &select_timeout, &last_timeout_processing_time))
2117 num_smbs = 0; /* Reset smb counter. */
2123 * If we are getting smb requests in a constant stream
2124 * with no echos, make sure we attempt timeout processing
2125 * every select_timeout milliseconds - but only check for this
2126 * every 200 smb requests.
2129 if ((num_smbs % 200) == 0) {
2130 time_t new_check_time = time(NULL);
2131 if(new_check_time - last_timeout_processing_time >= (select_timeout/1000)) {
2132 if(!timeout_processing(
2134 &last_timeout_processing_time))
2136 num_smbs = 0; /* Reset smb counter. */
2137 last_timeout_processing_time = new_check_time; /* Reset time. */
2141 /* The timeout_processing function isn't run nearly
2142 often enough to implement 'max log size' without
2143 overrunning the size of the file by many megabytes.
2144 This is especially true if we are running at debug
2145 level 10. Checking every 50 SMBs is a nice
2146 tradeoff of performance vs log file size overrun. */
2148 if ((num_smbs % 50) == 0 && need_to_check_log_size()) {
2149 change_to_root_user();